Privacy Policy

The data controller is: Mistravonixalis SASU 27 Rue du Faubourg Saint-Honoré, 75008 Paris, France SIRET: 923 847 561 00014 Email: contact@mistravonixalis.com Publication director: Mr. Alexandre Bertrand

As part of our financial and social support services, we collect the following categories of data: • Identification data: surname, first name, email address • Communication data: content of messages sent via our contact form • Browsing data: IP address, browser type, pages visited, visit duration (via analytics cookies, subject to your consent) • Financial data: only if you voluntarily share it during a consultation We never collect sensitive data within the meaning of Article 9 of the GDPR (ethnic origin, political opinions, biometric data, etc.) without your explicit consent.

Your data is processed for the following purposes: • Responding to your contact and information requests • Assessing your eligibility for public aid schemes • Providing personalised support with your administrative procedures • Improving the quality of our services and website • Complying with our legal and regulatory obligations Legal basis: consent (Article 6.1.a GDPR), performance of a contract or pre-contractual measures (Article 6.1.b), legitimate interests (Article 6.1.f).

We retain your personal data for the period strictly necessary for the purposes described above: • Contact data: 3 years from your last interaction with our services • Browsing data: maximum 13 months (in accordance with CNIL recommendations) • Administrative documents: 5 years from the closure of your case • Accounting data: 10 years in accordance with French legal obligations At the end of these periods, your data is deleted or irreversibly anonymised.

Your personal data may be shared with the following recipients: • Our internal advisors and staff, strictly within the scope of their duties • Our technical subcontractors (OVH SAS hosting, email service provider) bound by confidentiality commitments • Public authorities, only where legally required We never sell or rent your personal data to third parties for commercial purposes.

In principle, your data is hosted and processed within the European Union. Should a transfer to a third country be necessary, it would be governed by appropriate safeguards (European Commission standard contractual clauses, adequacy decision) in accordance with Chapter V of the GDPR.

Under the GDPR and the French Data Protection Act, you have the following rights: • Right of access: obtain confirmation that your data is being processed and receive a copy • Right to rectification: correct inaccurate or incomplete data • Right to erasure: request deletion of your data (subject to legal obligations) • Right to restriction of processing: restrict processing in certain circumstances • Right to data portability: receive your data in a structured, commonly used format • Right to object: object to processing based on our legitimate interests • Right to withdraw consent: at any time, without affecting the lawfulness of prior processing To exercise these rights, contact us at: contact@mistravonixalis.com You also have the right to lodge a complaint with the French Data Protection Authority (CNIL) — www.cnil.fr.

We implement appropriate technical and organisational measures to protect your data against unauthorised access, loss, alteration or disclosure. These measures include data encryption in transit (TLS/SSL), strict access controls, regular backups and staff awareness training on data protection.

This policy may be updated periodically to reflect changes in our practices or regulatory requirements. In the event of a substantial change, we will inform you via a notification on our website. The date of the last update is indicated at the top of this document.